SoylentNews is people
SoylentNews
Purism Disables Intel ME On Its Privacy-Focused Librem Laptops
Purism, a startup that aims to develop privacy-focused devices, announced that it has now disabled Intel's Management Engine (ME). The company, and many privacy activists, believe that because Intel's ME is a black box to the user, it could hide backdoors from certain intelligence agencies. Alternatively, it may contain vulnerabilities that could even be unknown to Intel, but which might still be exploited by sophisticated attackers to bypass the operating system's security.
[...] The Librem laptops use Coreboot firmware, which is an open source alternative to BIOS and UEFI for Linux. The company said that using Coreboot is one of the primary reasons why they were able to disable Intel ME in the first place. Coreboot allowed them to dig down on how the processor interacts with this firmware and with the operating system.
Purism had already "neutralized" the Intel ME system on its Librem laptops, which essentially meant that the mission-critical components of Intel ME were removed. However, this could still cause some errors, because the Intel ME would still be "fighting" Coreboot's attempt to neutralize it. With the new method that disables it, the Intel ME can be shut down gracefully. Purism's laptops will continue to support both methods for extra security, just in case the Intel ME is able to "wake-up" somehow, after it's disabled.
[...] Both Librem 13 and Librem 15 laptop models will now ship with Intel ME disabled by default. Customers who have purchased the older Librem laptops will also receive an update that will disable Intel ME on their systems.
Related: Purism Exceeds $1 Million in Funding for Librem 5 Linux-Based Smartphone
How-To: Disabling the Intel Management Engine
(Score: 1, Interesting) by Anonymous Coward on Sunday October 22 2017, @09:32PM (1 child)
Sadly SMM and AMT have their own mode instructions that aren't publicly documented and that could potentially* escalate from ring3 all the way down to ring-2 and -3 which are a single browser sandboxing exploit away from owning your box.
Overall, working with Intel like Purism is the correct way to go about this. It's quite possible some processors have internal erratas calling for different disabling steps for rings -2 and -3 that, if not followed, could leave your system at risk. So, at the very least we really need Intel to confirm which processors are safe to disable ME on. Ideally, of course, Purism will manage to get Intel to produce a few CPUs with ME fused off the circuitry. It's still a relatively compromised position of trusting Intel to not blatantly lie to us. But otherwise there are modern techniques to sift through the available instructions ( https://www.youtube.com/watch?v=KrksBdWcZgQ [youtube.com] ) that we can run at hypervisor mode and, with a great degree of certainty, be sure there aren't too many surprises under the hood.
Of course, an open source fixed width instruction set with exposed pipelines or fully documented branching that we can fuzz all possible instructions on and measure their execution times to know with absolute certainty there aren't any special backdoor in the CPU is the dream. But I fear it will take a while longer before we'll ever see something like that in the consumer markets.
*Either due to a hardware bug or a bad software implementation due to a lack of proper documentations.
(Score: 0) by Anonymous Coward on Sunday October 22 2017, @09:36PM
p.s. I meant the consumer Desktop market... There are already a few such cores we can trust in the embedded and server world.